Archive: January, 2015

You’re PCI DSS compliant. Your ERP system is PA-DSS certified. You implemented appropriate security checks in your checkout process. So you have nothing to worry about when it comes to security, right? Maybe…

According to the 2014 Trustwave Global Security Report, 96% of the applications scanned by Trustwave had at least one serious security vulnerability. Further, the Report revealed that 71% of the victims did not detect the breach themselves, although doing so would have shortened the containment time from two weeks to 1 day.

An Incident Response Plan may have helped those victims detect those breaches themselves. As explained in Trustwave’s report, an Incident Response Plan is necessary to detect and deter threats. It provides advice for an Incident Response Plan, as well as responses to indicators of compromise. The report outlines these five steps for an Incident Response Plan:

Train your staff on the best security practices.

Enforce passphrases or strong passwords (minimum of seven characters and a combination of upper/lower case letters, symbols, and numbers). The report revealed that 31% of compromises were caused by weak passwords. Also use two-factor authentication when accessing the network.

Secure your data. Test and scan to identify and fix flaws early.

Use penetration testing on your system to identify vulnerabilities and understand how your data can be attacked.

Plan your response to a breach and practice the Plan.

The Report also revealed that 85% of the exploits detected were of third-party plug-ins. It contains statistics about locations and targeted industries, vulnerable types of applications, top vulnerabilities and severities, methods of intrusion and delivery, regulations, and much more.

Trustwave’s 123-page report is impressive and eye-opening. Knowing your enemy and what they’re planning is critical for defending yourself appropriately. Read the report for a great introduction to understanding security threats, and advice for detecting and responding to them.

The InOrder ERP [Royalty Contract] window allows you to declare “contract clauses” that select line items that will earn royalties. For example, you can create a clause that pays 10% royalty on “Domestic sales with discount less than 40%” or “All Canada Sales.” InOrder also lets you group these clauses so you can simplify the clause selections. For example, you can have the following group of clauses “Discount greater than 40%,” “Domestic Sales,” and “Foreign Sales.” In this case, any sales with high discounts will pay royalty on the first clause in the group. Otherwise the sale will pay on one of the other two clauses. To illustrate the grouping feature, we can create another clause in a separate group, which earns 1% bonus royalty for any sales that occurred before a certain date. This royalty bonus could be computed on the same contract, next to the other calculation because it is in a separate group. Each clause can earn the author royalty based on a flat percentage / amount, or a sliding scale that adjusts the rate based on sales to date for this specific clause.

This function also allows sliding scales to adjust the rate based on sales to date across all clauses in the clause group, even if some of those clauses pay 0% royalty. This allows you to offer sliding scales that are based on all sales that meet selection criteria for any clause in that clause group, but only pay royalties on the sales selected by that clause itself.

To use this feature, set the Royalty Type to Rate and select the Tier Basis on the [Royalty Contract] Clause tab. The following selections are available:

Clause – This selection calculates each clause independently.

Group – This selection calculates all clauses in a clause group together, which means that sales for all clauses in the clause group are used to jump to the next tier in the scale. For example, Group A contains two clauses, 10 and 20. Clause 10 pays X% up to 500 sold and Y% over 500, but calculates only on sales in the US. Clause 20 pays X% up to 500 sold and Z% over 500, but calculates only on sales outside of the US. If 300 are sold in the US and 300 outside of the US, Clause 10 pays Y% and Clause 20 pays Z% because the total sold is over 500.
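The difference between the two Tier Basis selections, worked through as an added example (this is not InOrder code; the `Clause` class, the function names and the rates X=5, Y=8, Z=10 are constructed for illustration, and the basis is passed as a single parameter for simplicity). It also covers the case described earlier where a 0% clause still counts toward the group total.

```python
from dataclasses import dataclass

@dataclass
class Clause:
    number: int
    group: str
    tiers: list  # [(units_threshold, rate_percent)], ascending thresholds

def tier_rate(tiers, units):
    """Return the rate of the highest tier whose threshold is exceeded."""
    rate = tiers[0][1]
    for threshold, pct in tiers:
        if units > threshold:
            rate = pct
    return rate

def applicable_rates(clauses, units_by_clause, tier_basis):
    """Map clause number -> rate under the 'Clause' or 'Group' basis."""
    if tier_basis not in ("Clause", "Group"):
        raise ValueError("tier_basis must be 'Clause' or 'Group'")
    # Units sold per clause group, including clauses that pay 0%.
    group_totals = {}
    for c in clauses:
        sold = units_by_clause.get(c.number, 0)
        group_totals[c.group] = group_totals.get(c.group, 0) + sold
    rates = {}
    for c in clauses:
        own = units_by_clause.get(c.number, 0)
        basis_units = group_totals[c.group] if tier_basis == "Group" else own
        rates[c.number] = tier_rate(c.tiers, basis_units)
    return rates

# Constructed contract: X=5%, Y=8%, Z=10%; clause 30 selects sales but pays 0%.
CLAUSES = [
    Clause(10, "A", [(0, 5.0), (500, 8.0)]),   # US sales
    Clause(20, "A", [(0, 5.0), (500, 10.0)]),  # non-US sales
    Clause(30, "A", [(0, 0.0)]),               # counted, never paid
]
```
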

Until now, mobile shopping was limited by smaller and smaller screen sizes, but finally users are realizing that bigger screen sizes enable a better mobile buying platform. We believe that this will only increase customer demand where there are better Ecommerce applications.

I think this article by James Bickers is pretty accurate with the five mistakes retailers make with their mobile websites. Those mistakes include:

Information – Requiring too much entry on the part of the customer increases errors and results in frustration during checkout.

Lengthy – All the information requested takes too much time to check out, even without making mistakes.

Intrusive – When a site requires shoppers to register for an account without a guest checkout option, many shoppers will not check out, resulting in abandoned carts.

Experience – According to the article, 88% of mobile shoppers were not completely satisfied with the mobile shopping experience.

Security – While shoppers are concerned about the security of their payment information, they also complain about excessive security checks.

So, what do you do to improve your mobile shopping cart? Here are my suggestions:

Make the checkout process easy – I can make a lot of mistakes entering a lot of information on my phone. What will happen to my order if I fat-finger a key or don’t click something exactly the way the system expects? Will my neighbor get my order? Will I know if it was cancelled? These are real experiences. I just met a neighbor who was nice enough to drive a block away to deliver my package, and a co-worker recently had an order cancelled, but didn’t even know about it until she checked the status and it was too late to re-order in time for Christmas delivery.

Show your shoppers the checkout flow and let them know what to expect. Try to keep the flow consistent with your online cart.

Make the checkout process as efficient as possible with as few steps as possible. Keep it simple and quick. Keep page and image loading fast so customers won’t give up on you because it’s taking too long.

Companies are responding to shoppers’ lack of tolerance when a mobile site requires registration, so your customers have other places to go. If you want registration, at least offer rewards for registering. Another suggestion to consider is that every customer is a guest with a fast and easy checkout, but placing an order creates an account that a customer may or may not choose to access online, now or in the future. If a customer does not “sign in” and just places an order, the system should be smart enough to identify the customer and link to his or her previous orders. However, the ability to see saved information or previous orders, or to place new orders using saved credit card tokens, should always require a secure form of returning user authentication. This does not have to be a password that the user will need to remember. It could be a simple step, such as sending a text or email to the customer’s phone.

Provide a shipping estimate up front. It’s annoying to have to look for it on a computer, and forget it if I can’t find it while I’m fumbling with my phone.

Security – Of course I’m concerned about security. I don’t give my credit cards or passwords to anyone, so I do my part. If you say your site is secure, I’ll believe you – I have to if I’m shopping on my phone, right? So, if I trust my credit card information to you as an Ecommerce shopper, it’s your job to keep it safe. However, I still want you to balance security with a good shopping experience.
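The guest-checkout suggestion above (anyone can place an order that is linked to earlier ones, but viewing saved data requires a code sent by text or email) sketched as an added example that is not part of the original post. The class names, the 10-minute lifetime and the five-guess limit are assumptions; the code is single use, expires, and is compared in constant time.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumption: code is valid for 10 minutes
MAX_ATTEMPTS = 5        # assumption: guesses allowed per issued code

class StepUpVerifier:  # issues codes to be delivered by text or email
    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)
        self._pending = {}  # email -> [digest, expires_at, attempts_left]
        self._clock = clock

    def _digest(self, email, code):
        return hmac.new(self._key, f"{email}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, email):
        code = f"{secrets.randbelow(10**6):06d}"
        expires = self._clock() + CODE_TTL_SECONDS
        self._pending[email] = [self._digest(email, code), expires, MAX_ATTEMPTS]
        return code  # hand to the SMS/email sender, never to the browser

    def verify(self, email, code):
        entry = self._pending.get(email)
        if entry is None:
            return False
        if self._clock() > entry[1] or entry[2] <= 0:
            del self._pending[email]  # expired or guessed too often
            return False
        entry[2] -= 1
        if hmac.compare_digest(entry[0], self._digest(email, code)):
            del self._pending[email]  # single use: a replay fails
            return True
        return False

class Shop:  # hypothetical store: ordering is open, order history is gated
    def __init__(self, verifier):
        self.verifier = verifier
        self.orders = {}  # email -> list of items

    def place_guest_order(self, email, item):
        self.orders.setdefault(email.lower(), []).append(item)
        return len(self.orders[email.lower()])  # linked to earlier orders

    def view_orders(self, email, code):
        if not self.verifier.verify(email.lower(), code):
            raise PermissionError("returning-user verification required")
        return list(self.orders.get(email.lower(), []))
```
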

For more suggestions on providing a great shopping experience for your customers, or for a free demo, call us at 800-860-9515.

When you purchase InOrder as your ERP system, our Discovery process has you covered. First, we work with you to fully assess your legacy data, and then we provide you with a detailed Data Conversion Proposal, by phase and category. This allows you to choose precisely which data and level of detail you would like your InOrder system to have when you turn it on.

Our data conversion team experts work with you throughout the process, as we build a reproducible data conversion process that extracts, cleanses, and imports your data. This allows you and your staff to learn and test the new InOrder ERP system using data that you are familiar with. Over the years we have refined this process, and so many of our techniques will surprise you, but they are extremely effective.

Checking the converted data on the new InOrder ERP system not only helps your staff to get familiar with the new system, it helps them feel more at home, and more involved in the conversion process.